Information Protection and Security

Information Protection and Security is tracking the activity of the Flashback malware which can infect Macintosh computers on the Rutgers network.

 I've been asked to help get the word out about this critical patch (and 6 others) for the Windows OS.  The vulnerability affects all supported versions of Windows.  Systems can be remotely compromised (including XP/Vista/7), and makes it attractive to any hacker.  
Have a great day...and patch Tuesday!!   Stop. Think. Secure IT!!

 I think I just found something that will help us all out.  Zulu came out with a free URL risk analyzer.  We're always warning users to stay away from clicking on links especially on social network sites.  Now you can right click to copy the link, and put it in the Zulu URL Riak Analyzer.  I tried it and it works pretty well. If it holds true it could save us all a few headaches and some bad decision making.

Article link

Cyber criminals often use multiple methods, such as phishing emails and phony websites, to attract online shoppers and gain access to and exploit their personal information. Additionally, attackers who pose as legitimate online businesses and services will use fraudulent emails and websites to infect an unsuspecting shoppers computer with malicious code.  

I just received  a warning about groups soliciting funds for "the veterans".  These groups are phishing and giving out misleading information about who they are actually affiliated with.  Do not donate to any cause unless you are absolutely certain that it's sponsored by an organization you trust and have donated to previously. 

Being careful is also true for this holiday season.  Be aware that phishing and fraud are alive and well online.  Check out your Charity!

There are websites to help guide donations.  One of them is Charity Navigator.

Stop. Think. Secure IT!

The goal of many compromises is identity theft.  Do you know what to do if you find your identity in trouble? Identity theft is a federal crime in which an imposter obtains information by false pretenses for personal gain. Personal information like your drivers license, credit card numbers, social security number (etc.) can be stolen from you in a variety of ways. 

Social engineering is the attempt to manipulate or trick a person into providing information or access to a system's information, and bypassing network security.  Phishing, shoulder surfing, dumpster diving, scams and other tricks are all a part of social engineering and manipulating people.

Microsoft says the main reason phishing scams are so popular these days is because it's so much easier to trick a human into doing something stupid than it is to identify and exploit a hardware or software fault. 

 We all like the user friendlness of the Internet and our keyboards.  That's the downfall of it all.  The friendliness promotes trust...and we're compromised.  Social engineering is how criminals now make their money, but they're called cyber criminals now.